Update to Random_Compat 1.0.9.
This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities. Fixes #28633 Built from https://develop.svn.wordpress.org/trunk@35365 git-svn-id: http://core.svn.wordpress.org/trunk@35330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
a49062c2db
commit
53afc72ab7
|
@ -2188,7 +2188,7 @@ function wp_rand( $min = 0, $max = 0 ) {
|
|||
} else {
|
||||
$use_random_int_functionality = false;
|
||||
}
|
||||
} catch ( Throwable $t ) {
|
||||
} catch ( Error $e ) {
|
||||
$use_random_int_functionality = false;
|
||||
} catch ( Exception $e ) {
|
||||
$use_random_int_functionality = false;
|
||||
|
|
|
@ -27,7 +27,10 @@
|
|||
*/
|
||||
|
||||
if (!function_exists('RandomCompat_strlen')) {
|
||||
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
|
||||
if (
|
||||
defined('MB_OVERLOAD_STRING') &&
|
||||
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||
) {
|
||||
/**
|
||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
|
@ -74,7 +77,10 @@ if (!function_exists('RandomCompat_strlen')) {
|
|||
}
|
||||
|
||||
if (!function_exists('RandomCompat_substr')) {
|
||||
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
|
||||
if (
|
||||
defined('MB_OVERLOAD_STRING') &&
|
||||
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||
) {
|
||||
/**
|
||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
||||
*
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!function_exists('RandomCompat_intval')) {
|
||||
|
||||
/**
|
||||
* Cast to an integer if we can, safely.
|
||||
*
|
||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||
* lose precision, so the <= and => operators might accidentally let a float
|
||||
* through.
|
||||
*
|
||||
* @param numeric $number The number we want to convert to an int
|
||||
* @param boolean $fail_open Set to true to not throw an exception
|
||||
*
|
||||
* @return int (or float if $fail_open)
|
||||
*/
|
||||
function RandomCompat_intval($number, $fail_open = false)
|
||||
{
|
||||
if (is_numeric($number)) {
|
||||
$number += 0;
|
||||
}
|
||||
if (
|
||||
is_float($number) &&
|
||||
$number > ~PHP_INT_MAX &&
|
||||
$number < PHP_INT_MAX
|
||||
) {
|
||||
$number = (int) $number;
|
||||
}
|
||||
if (is_int($number) || $fail_open) {
|
||||
return $number;
|
||||
}
|
||||
throw new TypeError(
|
||||
'Expected an integer.'
|
||||
);
|
||||
}
|
||||
}
|
|
@ -26,15 +26,9 @@
|
|||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
if (!interface_exists('Throwable', false)) {
|
||||
interface Throwable
|
||||
{
|
||||
}
|
||||
}
|
||||
|
||||
if (!class_exists('Error', false)) {
|
||||
// We can't really avoid making this extend Exception in PHP 5.
|
||||
class Error extends Exception implements Throwable
|
||||
class Error extends Exception
|
||||
{
|
||||
|
||||
}
|
||||
|
|
|
@ -28,15 +28,18 @@
|
|||
|
||||
if (!defined('PHP_VERSION_ID')) {
|
||||
// This constant was introduced in PHP 5.2.7
|
||||
$version = explode('.', PHP_VERSION);
|
||||
define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
|
||||
$RandomCompatversion = explode('.', PHP_VERSION);
|
||||
define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
|
||||
unset($RandomCompatversion);
|
||||
}
|
||||
if (PHP_VERSION_ID < 70000) {
|
||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
||||
}
|
||||
require_once "byte_safe_strings.php";
|
||||
require_once "error_polyfill.php";
|
||||
$__DIR__ = dirname(__FILE__);
|
||||
require_once $__DIR__.'/byte_safe_strings.php';
|
||||
require_once $__DIR__.'/cast_to_int.php';
|
||||
require_once $__DIR__.'/error_polyfill.php';
|
||||
if (!function_exists('random_bytes')) {
|
||||
/**
|
||||
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
|
||||
|
@ -45,26 +48,68 @@ if (PHP_VERSION_ID < 70000) {
|
|||
* to the operating environment. It's a micro-optimization.
|
||||
*
|
||||
* In order of preference:
|
||||
* 1. fread() /dev/urandom if available
|
||||
* 2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
|
||||
* 3. COM('CAPICOM.Utilities.1')->GetRandom()
|
||||
* 4. openssl_random_pseudo_bytes()
|
||||
* 1. Use libsodium if available.
|
||||
* 2. fread() /dev/urandom if available (never on Windows)
|
||||
* 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
|
||||
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
|
||||
* 5. openssl_random_pseudo_bytes() (absolute last resort)
|
||||
*
|
||||
* See ERRATA.md for our reasoning behind this particular order
|
||||
*/
|
||||
if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
|
||||
if (extension_loaded('libsodium')) {
|
||||
// See random_bytes_libsodium.php
|
||||
require_once $__DIR__.'/random_bytes_libsodium.php';
|
||||
}
|
||||
if (
|
||||
!function_exists('random_bytes') &&
|
||||
DIRECTORY_SEPARATOR === '/' &&
|
||||
@is_readable('/dev/urandom')
|
||||
) {
|
||||
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
|
||||
// way to exclude Windows.
|
||||
//
|
||||
// Error suppression on is_readable() in case of an open_basedir or
|
||||
// safe_mode failure. All we care about is whether or not we can
|
||||
// read it at this point. If the PHP environment is going to panic
|
||||
// over trying to see if the file can be read in the first place,
|
||||
// that is not helpful to us here.
|
||||
|
||||
// See random_bytes_dev_urandom.php
|
||||
require_once "random_bytes_dev_urandom.php";
|
||||
} elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) {
|
||||
require_once $__DIR__.'/random_bytes_dev_urandom.php';
|
||||
}
|
||||
if (
|
||||
!function_exists('random_bytes') &&
|
||||
PHP_VERSION_ID >= 50307 &&
|
||||
extension_loaded('mcrypt')
|
||||
) {
|
||||
// See random_bytes_mcrypt.php
|
||||
require_once "random_bytes_mcrypt.php";
|
||||
} elseif (extension_loaded('com_dotnet')) {
|
||||
// See random_bytes_com_dotnet.php
|
||||
require_once "random_bytes_com_dotnet.php";
|
||||
} elseif (function_exists('openssl_random_pseudo_bytes')) {
|
||||
require_once $__DIR__.'/random_bytes_mcrypt.php';
|
||||
}
|
||||
if (
|
||||
!function_exists('random_bytes') &&
|
||||
extension_loaded('com_dotnet') &&
|
||||
class_exists('COM')
|
||||
) {
|
||||
try {
|
||||
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
|
||||
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
|
||||
// See random_bytes_com_dotnet.php
|
||||
require_once $__DIR__.'/random_bytes_com_dotnet.php';
|
||||
}
|
||||
} catch (com_exception $e) {
|
||||
// Don't try to use it.
|
||||
}
|
||||
unset($RandomCompatCOMtest);
|
||||
}
|
||||
if (
|
||||
!function_exists('random_bytes') &&
|
||||
extension_loaded('openssl') &&
|
||||
PHP_VERSION_ID >= 50300
|
||||
) {
|
||||
// See random_bytes_openssl.php
|
||||
require_once "random_bytes_openssl.php";
|
||||
} else {
|
||||
require_once $__DIR__.'/random_bytes_openssl.php';
|
||||
}
|
||||
if (!function_exists('random_bytes')) {
|
||||
/**
|
||||
* We don't have any more options, so let's throw an exception right now
|
||||
* and hope the developer won't let it fail silently.
|
||||
|
@ -78,6 +123,7 @@ if (PHP_VERSION_ID < 70000) {
|
|||
}
|
||||
}
|
||||
if (!function_exists('random_int')) {
|
||||
require_once "random_int.php";
|
||||
require_once $__DIR__.'/random_int.php';
|
||||
}
|
||||
unset($__DIR__);
|
||||
}
|
||||
|
|
|
@ -39,9 +39,11 @@
|
|||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
if (!is_int($bytes)) {
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'Length must be an integer'
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
if ($bytes < 1) {
|
||||
|
|
|
@ -74,9 +74,11 @@ function random_bytes($bytes)
|
|||
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
|
||||
}
|
||||
}
|
||||
if (!is_int($bytes)) {
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'Length must be an integer'
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
if ($bytes < 1) {
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
/**
|
||||
* Random_* Compatibility Library
|
||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||
*
|
||||
* The MIT License (MIT)
|
||||
*
|
||||
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* If the libsodium PHP extension is loaded, we'll use it above any other
|
||||
* solution.
|
||||
*
|
||||
* libsodium-php project:
|
||||
* @ref https://github.com/jedisct1/libsodium-php
|
||||
*
|
||||
* @param int $bytes
|
||||
*
|
||||
* @throws Exception
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
if ($bytes < 1) {
|
||||
throw new Error(
|
||||
'Length must be greater than 0'
|
||||
);
|
||||
}
|
||||
/**
|
||||
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
||||
* generated in one invocation.
|
||||
*/
|
||||
if ($bytes > 2147483647) {
|
||||
$buf = '';
|
||||
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
||||
$n = ($bytes - $i) > 1073741824
|
||||
? 1073741824
|
||||
: $bytes - $i;
|
||||
$buf .= \Sodium\randombytes_buf($n);
|
||||
}
|
||||
} else {
|
||||
$buf = \Sodium\randombytes_buf($bytes);
|
||||
}
|
||||
|
||||
if ($buf !== false) {
|
||||
if (RandomCompat_strlen($buf) === $bytes) {
|
||||
return $buf;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If we reach here, PHP has failed us.
|
||||
*/
|
||||
throw new Exception(
|
||||
'PHP failed to generate random data.'
|
||||
);
|
||||
}
|
|
@ -41,9 +41,11 @@
|
|||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
if (!is_int($bytes)) {
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'Length must be an integer'
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
if ($bytes < 1) {
|
||||
|
@ -52,7 +54,7 @@ function random_bytes($bytes)
|
|||
);
|
||||
}
|
||||
|
||||
$buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
|
||||
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
|
||||
if ($buf !== false) {
|
||||
if (RandomCompat_strlen($buf) === $bytes) {
|
||||
/**
|
||||
|
|
|
@ -41,9 +41,11 @@
|
|||
*/
|
||||
function random_bytes($bytes)
|
||||
{
|
||||
if (!is_int($bytes)) {
|
||||
try {
|
||||
$bytes = RandomCompat_intval($bytes);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'Length must be an integer'
|
||||
'random_bytes(): $bytes must be an integer'
|
||||
);
|
||||
}
|
||||
if ($bytes < 1) {
|
||||
|
|
|
@ -40,21 +40,34 @@ function random_int($min, $max)
|
|||
{
|
||||
/**
|
||||
* Type and input logic checks
|
||||
*
|
||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||
* lose precision, so the <= and => operators might accidentally let a float
|
||||
* through.
|
||||
*/
|
||||
if (!is_numeric($min)) {
|
||||
|
||||
try {
|
||||
$min = RandomCompat_intval($min);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_int(): $min must be an integer'
|
||||
);
|
||||
}
|
||||
if (!is_numeric($max)) {
|
||||
try {
|
||||
$max = RandomCompat_intval($max);
|
||||
} catch (TypeError $ex) {
|
||||
throw new TypeError(
|
||||
'random_int(): $max must be an integer'
|
||||
);
|
||||
}
|
||||
|
||||
$min = (int) $min;
|
||||
$max = (int) $max;
|
||||
|
||||
/**
|
||||
* Now that we've verified our weak typing system has given us an integer,
|
||||
* let's validate the logic then we can move forward with generating random
|
||||
* integers along a given range.
|
||||
*/
|
||||
if ($min > $max) {
|
||||
throw new Error(
|
||||
'Minimum value must be less than or equal to the maximum value'
|
||||
|
@ -164,7 +177,7 @@ function random_int($min, $max)
|
|||
/**
|
||||
* If $val overflows to a floating point number,
|
||||
* ... or is larger than $max,
|
||||
* ... or smaller than $int,
|
||||
* ... or smaller than $min,
|
||||
* then try again.
|
||||
*/
|
||||
} while (!is_int($val) || $val > $max || $val < $min);
|
||||
|
|
Loading…
Reference in New Issue